• International Journal of Knowledge Content Development & Technology
• /
• 제10권1호
• /
• pp.7-20
• /
• 2020

For research data to be shared without legal, financial and technical barriers in the Open Science era, data repositories must have the functional requirements asked by DMP and CoreTrustSeal. In order to derive functional requirements for the data repository, this study analyzed the Data Management Plan (DMP) and CoreTrustSeal, the criteria for certification of research data repositories. Deposit, Ethics, License, Discovery, Identification, Reuse, Security, Preservation, Accessibility, Availability, and (Meta) Data Quality, commonly required by DMP and CoreTrustSeal, were derived as functional requirements that should be implemented first in implementing data repositories. Confidentiality, Integrity, Reliability, Archiving, Technical Infrastructure, Documented Storage Procedure, Organizational Infrastructure, (Meta) Data Evaluation, and Policy functions were further derived from CoreTrustSeal. The functional requirements of the data repository derived from this study may be required as a key function when developing the repository. It is also believed that it could be used as a key item to introduce repository functions to researchers for depositing data.

• International Journal of Knowledge Content Development & Technology
• /
• 제8권1호
• /
• pp.25-36
• /
• 2018

Research data must be testable. Science is all about verification and testing. To make data testable, tools used to produce, collect, and examine data during the research must be available. Quite often, however, these data become inaccessible once the work is over and the results being published. Hence, information and the related context must be provided on how research data are preserved and how they can be reproduced. Open Science is the international movement for making scientific research data properly accessible for research community. One of its major goals is building data repositories to foster wide dissemination of open data. The objectives of this research are to examine the features of research data, common repository platforms, and community requests for the purpose of designing functional requirements for research data repositories. To analyze the features of the research data, we use data curation profiles available from the Data Curation Center of the Purdue University, USA. For common repository platforms we examine Fedora Commons, iRODS, DataONE, Dataverse, Open Science Data Cloud (OSDC), and Figshare. We also analyze the requests from research community. To design a technical solution that would meet public needs for data accessibility and sharing, we take the requirements of RDA Repository Interest Group and the requests for the DataNest Community Platform developed by the Korea Institute of Science and Technology Information (KISTI). As a result, we particularize 75 requirement items grouped into 13 categories (metadata; identifiers; authentication and permission management; data access, policy support; publication; submission/ingest/management, data configuration, location; integration, preservation and sustainability, user interface; data and product quality). We hope that functional requirements set down in this study will be of help to organizations that consider deploying or designing data repositories.

• 한국중재학회지:중재연구
• /
• 제9권1호
• /
• pp.367-390
• /
• 1999

The basic requirements for conducting electronic commerce include confidentiality, integrity, authentication and authorization. Cryptographic algorithms, make possible use of powerful authentication and encryption methods. Cryptographic techniques offer essential types of services for electronic commerce : authentication, non-repudiation. The oldest form of key-based cryptography is called secret-key or symmetric encryption. Public-key systems offer some advantages. The public key pair can be rapidly distributed. We don't have to send a copy of your public key to all the respondents. Fast cryptographic algorithms for generating message digests are known as one-way hash function. In order to use public-key cryptography, we need to generate a public key and a private key. We could use e-mail to send public key to all the correspondents. A better, trusted way of distributing public keys is to use a certification authority. A certification authority will accept our public key, along with some proof of identity, and serve as a repository of digital certificates. The digital certificate acts like an electronic driver's license. The Korea government is trying to set up the Public Key Infrastructure for certificate authorities. Both governments and the international business community must involve archiving keys with trusted third parties within a key management infrastructure. The archived keys would be managed, secured by governments under due process of law and strict accountability. It is important that all the nations continue efforts to develop an escrowed key in frastructure based on voluntary use and international standards and agreements.

• International Journal of Computer Science & Network Security
• /
• 제21권12spc호
• /
• pp.399-408
• /
• 2021

Information security reports four types of basic attacks on information. One of the attacks is named as fabrication. Even though mobile devices and applications are showing its maturity in terms of performance, security and ubiquity, location-based applications still faces challenges of quality of service, privacy, integrity, authentication among mobile devices and hence mobile users associated with the devices. There is always a continued fear as how location information of users or IoT appliances is used by third party LB Service providers. Even adversary or malicious attackers get hold of location information in transit or fraudulently hold this information. In this paper, location information fabrication scenarios are presented after knowing basic model of information attacks. Peer-to-Peer broadcast model of location privacy is proposed. This document contains introduction to fabrication, solutions to such threats, management of fabrication mitigation in collaborative or peer to peer location privacy and its cost analysis. There are various infrastructure components in Location Based Services such as Governance Server, Point of interest POI repository, POI service, End users, Intruders etc. Various algorithms are presented and analyzed for fabrication management, integrity, and authentication. Moreover, anti-fabrication mechanism is devised in the presence of trust. Over cost analysis is done for anti-fabrication management due to nature of various cryptographic combinations.

• 정보보호학회논문지
• /
• 제16권5호
• /
• pp.47-57
• /
• 2006

모바일 Ad-hoc 네트워크는 인프라에 관계없이 동작하고 제3의 신뢰기관 없이 운용되어야 한다. 또한 네트워크 크기, 노드 이동성, 기기의 배터리 용량 및 메모리 크기 등에 의하여 구현상 제약을 받는다. 그럼에도 불구하고 유선 네트워크처럼 인증, 기밀성, 무결성, 부인방지, 접근통제, 그리고 가용성 등 보안문제에 대한 고려가 필요하다. 특히, 이러한 보안문제들 중에서 인증은 네트워크 특성에 상당한 영향을 받기 때문에 본 논문에서는 인증에 초점을 맞추었다. 본 논문은 Hamming Distance의 개념을 도입하여 모바일 Ad-hoc 네트워크에서 공개키 인증서 생성 갱신 폐지 등 공개키 인증서 관리를 위한 프로토콜 및 공개키 인증서 검증을 위한 경로구축 알고리즘을 제안하고 그 성능을 평가한다. 본 논문에서 제안하는 경로구축 알고리즘은 각 노드의 공개키 인증서 저장소 크기를 $log_2N$보다 작아도 공개키 인증서 경로구축이 가능하도록 하였다.

• 한국도서관정보학회지
• /
• 제54권2호
• /
• pp.89-110
• /
• 2023

연구데이터 공유 및 보존을 위한 도구로 데이터 리포지터리가 활용되고 있다. 본 연구는 데이터 리포지터리 현황을 조사하고 Coretrustseal 인증 획득 방안을 제안하기 위하여 수행되었다. 연구 목적을 달성하기 위하여 re3data.org에서 Geoscience 분야의 데이터 리포지터리 현황에 대해 조사하였고 해당 리포지터리 중 Coretrustseal 인증을 획득한 10개의 모범사례를 분석하였다. 먼저, 리포지터리 현황을 파악한 결과, 국가별로 미국, 독일, 캐나다가 전체 리포지터리 중 66%를 차지하고 있으며 CTS 인증 현황 경우 미국, 유럽 그리고 독일의 비중이 58%로 나타났다. 다음으로 CTS 인증 확보를 위한 방안으로서 데이터 정책, 조직 인프라 그리고 기술 인프라 측면에서의 필요한 세부내용 및 요구사항을 제시하였다. 추후 본 연구 결과가 국내의 데이터 리포지터리 구축 및 운영 그리고 CTS 인증 획득에 도움이 되길 기대해본다.

• 한국정보통신학회:학술대회논문집
• /
• 한국해양정보통신학회 2009년도 춘계학술대회
• /
• pp.561-564
• /
• 2009

본 논문에서는 공동 작업을 지원하는 CASE 도구를 위한 동작환경 구성방법을 제안하고자 한다. 분산된 위치에서 모델 공유를 위한 공유방법을 정의하고 공동 모델 저장소를 구성한다. 또한 시간 경과에 따른 작업 상황 비교를 위한 히스토리 기능 및 작성한 모델에 대해 책임을 부여하기 위해 사용자 인증을 통한 작업자 관리를 설계한다. 본 논문에서 제시하는 동작환경 구성방법은 분산된 위치에서 협업이 가능한 CASE 도구 개발에 기여할 것으로 기대된다.

• 무역상무연구
• /
• 제34권
• /
• pp.157-185
• /
• 2007

The purpose of this thesis is to contribute to the activation of e-contract service for one stop e-trade by analyzing the problems and its solutions in e-contract service at home and abroad. In order to achieve the purpose of this thesis, case studies are done on e-contract service providers such as CECTRUST service of NTT DATA in Japan and HanCM.com of Haansoft in Korea and user companies such as Taisei Corporation using CECTRUST service and Hyundai Card using HanCM.com. The problems in the e-contract service are the lack of e-contract service providers, rare publicity of e-contract service, limited use of e-contract service at only home, higher pricing for e-contract service, short time management of e-contract documents by service providers, no application of newly developed security technology to e-contract service, unsatisfaction of requirements of e-contract service provider as trusted third party, absence of lower pricing e-contract service by service provider, authorizing key error in electronic signature under recognized authentication system in case of fail in renewal of digital certificate and reproduction of digital certificate. The solutions of these problems are the upbringing of e-contract service providers, broad publicity of e-contract service, development of e-contract service on a global basis, establishment of lower pricing for e-contract service, long time management of e-contract documents by service providers, application of newly developed security technology such as bio technology to e-contract service, satisfaction of requirements of e-contract service provider as trusted third party by designation of recognized e-document repository, development of lower e-contract service by way of application service provider(ASP), introduction of time stamping of e-contract document and signature key value. The limitation of this thesis is that the problems and its solutions could not meet with the broad recognition as they are conferred by intuition because of few e-contract service provider.

• 인터넷정보학회논문지
• /
• 제13권6호
• /
• pp.55-62
• /
• 2012

그리드 환경에서 그리드 서비스를 웹 인터페이스 및 웹 서비스로 제공하기 위해 웹 표준 기술에 기반을 둔 그리드-웹 애플리케이션이 증가하고 있다. 그러나 웹 표준 보안 구조에서 위임 인증 방법의 부재로 웹 애플리케이션에 그리드 보안 시스템 GSI를 통합하는 것은 매우 어렵다. 이를 해결하기 위해서는 온라인 자격증명 저장 서비스를 이용하여 웹 애플리케이션에서 그리드 자격증명을 사용할 수 있도록 해야 한다. 본 논문에서는 그리드-웹 애플리케이션과 사용자 간의 상호 신뢰를 전제로 하는 온라인 자격증명 저장 서비스인 MyProxy를 사용하는 방법의 문제점을 분석하고, 상호 신뢰를 바탕으로 하지 않는 그리드 자격증명 위임 서비스를 제안한다. 이 서비스의 자격증명 교환 프로토콜은 OAuth에 X.509 인증 위임 절차를 추가한 것이다. 이 위임 서비스는 그리드-웹 애플리케이션에게 단일 로그온을 제공하고, 하나 이상의 그리드 자격증명을 위임하고 획득할 수 있는 보안 방법을 제공한다.